The cloud computing market is dominated by some familiar names. Amazon's cloud service is its most profitable unit. Microsoft has pegged its future to its cloud computing businesses, leading to a very enthusiastic response from Wall Street. Google, too, is betting big on cloud computing as something that could be bigger than its advertising business.

What exactly are these companies selling? Who's buying it? And why is one company that wasn't even in enterprise technology a decade ago — Amazon — beating the pants off everyone else? Here's the state of play in the cloud game.

The most important concept in cloud computing is "hyperscale." To support their own websites and services, Amazon, Microsoft, and Google have all built a ton of computing infrastructure. Their data centers are vastly bigger — and way more efficient — than those operated by or could be built by most other companies. ... <Big Snip>

there's clearly not space in the market for everyone, and there have already been some shakeouts. GoDaddy just sold off its cloud computing division. Early cloud provider Rackspace pivoted to offering support for others' platforms, and HP and VMware both threw in the towel entirely. It's expensive to compete with Amazon. ... Amazon and Microsoft have the no. 1 and no. 2 slots locked down for at least the next few years. "The fight now is for no. 3" ... {In a few years]"Amazon will still be the leader, and Microsoft will have closed the gap to be a strong second" <<

More than half of companies now have at least some Windows 10 PCs, says research.

The use of Windows 10 in business has now overtaken that of Microsoft's aging and out-of-support Windows XP, according to a survey.

In March this year, Windows XP, which went on sale in 2001, was running on 14 percent of laptops and desktops in businesses across the globe, according to data from Spiceworks, and Windows 10 had a share of nine percent. Now Windows 10 is at 13 percent, while XP has slipped to 11 percent of desktops and laptops, according to the company.

The operating system to beat remains Windows 7 which, according to the survey, is running on 68 percent of PCs in business. Windows 8 has a share of five percent and macOS is at two percent.

According to Spiceworks, as of the end of July, 60 percent of global organizations were using Windows 10, which launched almost two years ago. This is perhaps not as impressive a statistic as it sounds because Spiceworks includes any company that has one or more PCs running Windows 10, although Spiceworks said that 60 percent adoption rate put Windows 10 ahead of XP, Windows 8, and Windows Vista. And it suggests that the majority of businesses are at least testing Windows 10, ahead of further deployment.

Spiceworks' data comes from companies that use its software to create an inventory of their organization's laptops, desktops, servers, and other network devices.

Back in March, the Republican-led Congress voted to repeal FCC rules that blocked ISPs from selling your data to third parties without permission. The vote largely fell along party lines and President Trump signed the bill into law in early April.

The new rules will allow ISPs (your Comcasts, Charters, and AT&Ts) to "harvest" their customers' online data and sell it to third-party marketers. Monetized online behavior isn't new. If you Google "cold remedies," for example, don't be surprised to later encounter web ads for decongestants and tissues. What magical marketing fairies enabled this seamless synergy, you ask? Big Data!

Just about all your online data is automatically scraped, organized, and sold to advertisers so they can micro-tailor their sales pitches. This very profitable business model is how Google and Facebook have amassed astounding fortunes despite the fact that they give their products away for free.

Your data isn't necessarily used maliciously (as long as you don't consider capitalism to be inherently malicious), but it's unsettling to know your private data is just out there andup for sale in some virtual marketplace. Now your ISP can get in the Big Data game as well.

New FCC Chairman Ajit Pai said the move reverses "privacy regulations designed to benefit one group of favored companies over another group of disfavored companies." The subtext of the chairman's comment being that he believes the previous administration crafted rules to support Democratic-friendly Silicon Valley companies like Facebook and Google, while blocking less favored corporations like home cable/internet providers ( blech). However, that comparison doesn't exactly pan out.

While it is true that companies like Google and Facebook make money off your behavior, you are not forced to use these services. If you suddenly decided to stop using Facebook, you might miss out on cute pet pics and political rants from your friends and family, but you could still live a thoroughly modern existence. You could even choose to avoid the Google-o-sphere entirely by using Bing or DuckDuckGo for your web searches, Dropbox instead of Google Drive, or iOS instead of the Google-maintained Android.

You don't have this choice when it comes to your ISP—your home's gateway to the entirety of the internet. While there are alternatives to Google and Facebook, most Americans have limited home ISP alternatives. Some areas have only one provider. So this bill gives a green light to unescapable corporate data mining. You and your data are captives—unless you take proactive action to protect it.

"ISPs are in a position to see a lot of what you do online. They kind of have to be, since they have to carry all of your traffic," explains Electronic Frontier Foundation ( EFF) senior staff technologist Jeremy Gillula. "Unfortunately, this means that preventing ISP tracking online is a lot harder than preventing other third-party tracking—you can't just install [the EFF's privacy-minded browser add-on] Privacy Badger or browse in incognito or private mode."

VPN to the Rescue?One of the best ways to secure your data is to use a virtual private network (VPN), which provides greater control of how you're identified online. Simply put, a VPN creates a virtual encrypted "tunnel" between you and a remote server operated by a VPN service. All external internet traffic is routed through this tunnel, so your ISP can't see your data. If the site you're heading to uses HTTPS, your data stays encrypted, too. Best of all, your computer appears to have the IP address of the VPN server, masking your identity.

The man who wrote the book on password management has a confession to make: He blew it.

Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.” The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers—and to change them regularly.

The document became a sort of Hammurabi Code of passwords, the go-to guide for federal agencies, universities and large companies looking for a set of password-setting rules to follow.

The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn’t keep the hackers at bay.

Also off the mark: demanding a letter, number, uppercase letter and special character such as an exclamation point or question mark—a finger-twisting requirement.

“Much of what I did I now regret,” said Mr. Burr, 72 years old, who is now retired.

In June, Special Publication 800-63 got a thorough rewrite, jettisoning the worst of these password commandments. Paul Grassi, an NIST standards-and-technology adviser who led the two-year-long do-over, said the group thought at the outset the document would require only a light edit.

“We ended up starting from scratch,” Mr. Grassi said.

The new guidelines, which are already filtering through to the wider world, drop the password-expiration advice and the requirement for special characters, Mr. Grassi said. Those rules did little for security—they “actually had a negative impact on usability,” he said.

Passwords have evolved. PHOTO: BLOOMBERG

Long, easy-to-remember phrases now get the nod over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen, says NIST, the federal agency that helps set industrial standards in the U.S.

Amy LaMere had long suspected she was wasting her time with the hour a month it takes to keep track of the hundreds of passwords she has to juggle for her job as a client-resources manager with a trade-show-display company in Minneapolis. “The rules make it harder for you to remember what your password is,” she said. “Then you have to reset it and it just makes it take longer.”

When informed that password advice is changing, however, she wasn’t outraged. Instead, she said it just made her feel better. “I’m right,” she said of the previous rules. “It just doesn’t make sense.”

Academics who have studied passwords say using a series of four words can be harder for hackers to crack than a shorter hodgepodge of strange characters—since having a large number of letters makes things harder than a smaller number of letters, characters and numbers.

In a widely circulated piece, cartoonist Randall Munroe calculated it would take 550 years to crack the password “correct horse battery staple,” all written as one word. The password Tr0ub4dor&3—a typical example of a password using Mr. Burr’s old rules—could be cracked in three days, according to Mr. Munroe’s calculations, which have been verified by computer-security specialists.

How to See If Hackers Stole Your Password

Nobody is 100% hack proof, but you don’t have to make it easy to become a victim either. WSJ’s Nathan Olivarez-Giles explains how to see if your personal info has been taken in a hack, and what you can do to be safer. Photo/Video: Emily Prapuolenis/The Wall Street Journal (Originally published July 15, 2016)

Mr. Burr, who once programmed Army mainframe computers during the Vietnam War, had wanted to base his advice on real-world password data. But back in 2003, there just wasn’t much to find, and he said he was under pressure to publish guidance quickly.

He asked the computer administrators at NIST if they would let him have a look at the actual passwords on their network. They refused to share them, he said, citing privacy concerns.

“They were appalled I even asked,” Mr. Burr said.

With no empirical data on computer-password security to be found, Mr. Burr leaned heavily on a white paper written in the mid-1980s—long before consumers bought DVDs and cat food online.

The published guidelines were the best he could do.

“In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” said Mr. Burr.

Nevertheless, NIST’s password advice became widely influential, not just within the federal government but on corporate networks, websites and mobile devices.

Collectively, humans spend the equivalent of more than 1,300 years each day typing passwords, according to Cormac Herley, a principal researcher at Microsoft Corp. His company once followed the Burr code for passwords, but no more.

The biggest argument against Mr. Burr’s prescriptions: they haven’t worked well. “It just drives people bananas and they don’t pick good passwords no matter what you do,” Mr. Burr said.

The past decade has seen a data-breach boom. Hackers have stolen and posted online hundreds of millions of passwords from companies such as MySpace, LinkedIn and Gawker Media.

Those postings have given researchers the data they need to take a hard look at how people’s passwords fare against the tools hackers used to break them. Their conclusion? While we may think our passwords are clever, they aren’t. We tend to gravitate toward the same old combinations over and over.

Back in 2003, Mr. Burr didn’t have the data to understand this phenomenon. Today, it is obvious to people like Lorrie Faith Cranor. After years of studying terrible concoctions, she put 500 of the most commonly used passwords on a blue and purple shift dress she made and wore to a 2015 White House cybersecurity summit at Stanford University.

Adorned with the world’s most common passwords—princess, monkey, iloveyou and others that are unprintable here—the dress has prompted careful study, and embarrassment.

“I’ve had people look at it and they’re like, ‘Oh, I’d better go change my passwords,’ ” said Ms. Cranor, a professor at Carnegie Mellon University.

The NIST rules were supposed to give us randomness. Instead they spawned a generation of widely used and goofy looking passwords such as Pa$$w0rd or Monkey1! “It’s not really random if you and 10,000 other people are doing it,” said Mr. Herley, the Microsoft researcher.

Mr. Grassi, who rewrote NIST’s new password guidelines, thinks his former colleague Mr. Burr is being a little bit hard on himself over his 2003 advice.

“He wrote a security document that held up for 10 to 15 years,” Mr. Grassi said. “I only hope to be able to have a document hold up that long.”

Just get a password vault program (something like KeePass keepass.info ) and generate truly random 20 char+ passwords.

Pass phrase is fine for your password vault. Pass phrases won't help with 50-100 passwords you need to have across different websites and accounts. How many "whopping galloping galaxy stable" phrases user can remember and associate with correct account?